PyShell is new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little…

As we come to the end of the first quarter of 2022, we want to take some time to look back over our cases from 2021, in aggregate, and look at some of the top tactics, techniques and procedures (TT…

SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities. - GitHub - agrawalsmart7/scodescanner: SCodeScanner stands for Source...

AutoWarp is a critical vulnerability in Microsoft Azure Automation Service that allows unauthorized access to other customer accounts using the service.

Posted in r/netsec by u/nathanAbejeM • 0 points and 0 comments

Posted in r/netsec by u/moviuro • 2 points and 0 comments

Posted in r/netsec by u/nathanAbejeM • 3 points and 0 comments

We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.

RESEARCH // TLSTORM TLStorm Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of

DomainProactive helps businesses stay on top of Internet security and best practices.

A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks

In the course of these two articles, we will share an analysis of some aspects of reversing a low-level binary.

Posted in r/netsec by u/eberkut • 1 point and 0 comments

Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva Webclient. - GitHub - Sceptive/forgiva-integrator: Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva We...

Yarn, Pip, Composer & friends: Learn about 3 types of vulnerabilities we found in popular package managers that can be used by attackers to target developers.

Contribute to Accenture/VulFi development by creating an account on GitHub.

BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it

Local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” ID CVE-2022-0847.

Based on the CrowdSec data shared by the community, this first edition of the report provides an overview of the main cyber threats identified worldwide.

Posted in r/netsec by u/albinowax • 101 points and 0 comments

------ Update 03/12/2022 Reuters has published new information on this incident, which initially matches the proposed scenario. You can find...